Hackers Still Breaching Local Government Payment Portals
Hackers have been targeting Click2Gov payment portals and had compromised at least eight US municipalities since August 2019. The attacks were discovered after a new batch of 20,000 payment card details surfaced in carding forums.
Click2Gov is a self-service portal where US citizens can pay taxes and bills. Since 2017, a hacker group began targeting self-hosted Click2Gov portals that were lagging in software patches. More than 300,000 payment card details were pilfered from vulnerable Click2Gov portals in at least 46 US cities, netting the hackers an estimated US$1.7 million in revenue. It remains unclear how hackers breached the updated Click2Gov portal in the latest campaign but investigators believed the hackers may have left a hidden backdoor during the attacks in 2017 and 2018.
References:Second Wave of Click2Gov Breaches Hits United States
More Weekly Cyber Newsanalysis and insights
Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.
Ensign Systems Integration
Architecting and implementing cybersecurity solutions that bolster defences
Ensign Managed Security Services
Managing your security operations for advanced threat detection, continuous monitoring, and triage services